Software as a Service (SaaS):
The capability provided to the consumer is to use the Cloud Service Provider’s (CSP's) applications running on a cloud platform and infrastructure. The applications are accessible from various client devices through a thin client interface such as a web browser (e.g. web-based email). The consumer does not manage or control the underlying cloud platform and infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings. Examples may include, but are not limited to:
• Government applications
• Internet services
• Virtual desktops
• Enterprise Resource Planning (ERP) systems
• Customer Relationship Management (CRM) systems
• Communication software (email, instant messaging)
Platform as a Service (PaaS):
The capability provided to the consumer is to deploy onto the cloud infrastructure of the CSP consumer-created or acquired applications, these applications are created using programming languages and tools supported by the CSP. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly application hosting environment configurations. Examples may include, but are not limited to:
• Application development
• Database and database management (DBMS)
• Middleware (Web MQ, WebSphere, etc.)
• Testing and developer tools
• Directory Services
Infrastructure as a Service (IaaS):
The capability provided to the consumer is to provision processing, storage, networks and other fundamental computing resources. It’s up to the consumer to decide what software is deployed and operated, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, deployed applications, and possibly limited control on selection of networking components (e.g. firewalls). Examples may include, but are not limited to: • Mainframes • Mid-tier Servers • Storage • IT Facilities/Hosting Services • Virtual Machines
Depending on the selected service model, users of the Cloud services will outsource certain portions of the IT value chain to the CSP. Figure 1 provides an overview of the scope covered by each service model. For instance, in the Software as a Service (SaaS) model, the CSP will provide a software application targeted towards end-user software clients, available via Cloud. As part of this offering, the CSP will cover the platform infrastructure, database management systems, libraries, software-processing tools and other test tools needed for applications development and implementation. Additionally, CSP will provide physical infrastructure, which typically includes the facility layer (heating, ventilation, power, etc.) and hardware layer (servers, storage, network components, etc.), as well as the virtualized infrastructure layer that includes software elements (hypervisor, virtual machines, and virtual data storage) that are used to realize the infrastructure upon which the Cloud computing platform can be established. Similarly, the Platform as a Service (PaaS) model covers the platform architecture layers as well as the infrastructure layer, both the physical and the virtualized one. As for Infrastructure as a Service (IaaS), CSP will provide the virtualized and the physical infrastructure layers alike.
Cloud computing has three primary deployment models; as most countries adopt a combination of these three models. Each of these deployment models can offer the different service models explained above, the main difference lies primarily in the level of control and ownership the CSP assumes versus the ownership of the user (consumer).
1. Public Cloud:
The cloud infrastructure is provisioned for open use by a variety of entities. It may be owned, managed, and operated by a business, academic, or government organization, or a combination of these. It exists on the premises of the cloud provider. Public Cloud is typically served by global players (e.g. AWS, Google Cloud, and Microsoft Azure) as well as by local players (e.g. local telecom and ICT players). CSP guarantees SLAs/Uptime and manages the copying of data. This model offers a “plug and play” model, which allows for faster timelines for deployment of new solutions.
2. Private Cloud:
The cloud infrastructure is provisioned for exclusive use by a single organization comprising of multiple users (e.g. divisions, departments and business units). It may be owned, managed, and operated by the organization and/or a third party (e.g. a CSP). The physical location may be on or off premise. There are no guarantees on SLAs/Uptime and copying of data is managed by the entity itself. Solutions development on private Clouds typically consume more time as all the deployment and testing needs to be done in-house. A common example of private cloud computing in the public sector is a cloud-computing platform owned by a government entity that typically serves that organization or a specific group of entities.
3. Community Cloud:
The cloud infrastructure is made available for exclusive use by a specific group of consumers from organizations that have shared/aligned interests (e.g., organization missions, cyber security requirements, and compliance considerations). It may be owned, managed, and operated by one or more of the organizations in the community and/or a third party. The physical location may be on or off premise. The CSP guarantees the SLAs/Uptime and manages the copying of data. This model offers a “plug and play” model, which allows for faster timelines for deployment of new solutions. A common form of community Cloud for the Public sector is a Government-owned community Cloud, which is often cited as “G-Cloud” or “Gov-Cloud”. This is a Cloud typically fully owned by a Government, and provisioned for the exclusive use of Governmental entities. A Governmental entity and/or a third party (e.g. a CSP) could do operations for this Cloud. It is typically located inside the country, mainly to protect data sovereignty.
The cloud infrastructure is a composition of two or more distinct cloud infrastructures (Private, community, or public) that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability (e.g. transforming the private cloud platform into a public one for balancing the load between clouds).
Cloud Computing Shared Responsibility Model
While considering and evaluating public cloud services, it is necessary to understand the shared responsibility model, security tasks that the cloud service provider handles, and tasks that the user handles. Workload responsibilities vary depending on whether the workload is hosted on a Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS) or on-premises data center (Hosting). The following diagram shows areas of responsibility between the client and the cloud service provider according to the type of cloud service model.